[GT500Shlby]

So I have a blackberry 8300 curve for work and since I work for a corporation and corporations dont "get" IT.

Well, these guys block EVERYTHING. I can't even load a theme or google maps. I can't write my own apps to interface with my own infrastructure which is something that is actually "work related."

Anyway around this? What if I switch blackberries and I want to use my old one for something else, any way to get rid of the IT restrictions on it? RIM told me I have to push a blank IT policy, but where do I get something to do that?

[Trevor]

You cannot be on a BES which has an IT policy and not have the policy effect you. I suggest you talk with you IT dept and see what they can do if it is effecting your work.

If you have a legitimate need, they can help.

[GT500Shlby]

Well, what about if I switch to a newer blackberry? The old blackberry will no longer be on a BES server but all of the IT restrictions stay, and I have even reloaded the OS on the phone to no avail. I was told to have a blank IT policy pushed to the phone, but I do not have my own BES server.

I heard something about having a 1 user BES Server Express. I am assuming this is free or relatively inexpensive? Would I be able to use that to push a blank IT policy to the phone to unlock it to use it elsewhere? If so, where do I get it?

Also, my Information Security department is full of a bunch of paranoid business majors that don't actually know anything about security. Their philosophy is to lock everything down to destroy all functionality and then spend millions of dollars on useless applications to add some functionaility - but make it as annoying and unusable as possible. But all they are really doing is making it look secure when in fact they have more holes than a good swiss cheese. Seriously they take a few MIS courses in college and watch Hackers or Sneakers like 10x and think they are Elite Security Professionals. They used to harass me for having firefox on my work PC - until I e-mailed scanned copies of my comp eng, comp sci and acsm degrees to the head of infosec and he replies "point taken."

[audit]

They used to harass me for having firefox on my work PC - until I e-mailed scanned copies of my comp eng, comp sci and acsm degrees to the head of infosec and he replies "point taken."

No offense but degree's mean nothing to me. I've been in this industry for over 20+ years and am very well known in the security and wireless sectors. I've seen way too many people that think because they have a degree or every cert known that they know more then I do. When I was working in the public sector, (Government) I was in charge of a penetration team and I swear that 1/2 of those guys were there just because they had a cert or 2 and was able to pass all the background tests to get the clearance needed.

I understand what your saying about some department heads and what they think is needed compared to what is best for the company and the end users though. When I'm either building a network, securing a network, pen testing one, etc, I always take into consideration what will increase productivity and what will restrict it. I was told by the entire exec board at the company that I'm at now that they only way that I can make our company more productive then I already have is to clone them.

[GT500Shlby]

None taken, I agree that there are some people that have a peice of paper and think they know everything. But I'm not a middle-aged MIS major that thinks I'm some elite hacker or anything. Before I moved to this company I was head of IT for a small software company. When I got there they had 200 employees and a linksys DSL router with a bunch of 10/100 hubs all over the place. When someone came in to the company, a senior guy would give the new guy his PC and then go to like a Best Buy and buy a PC. We had different OS's all different types of PC's, no patching, no standard antivirus. Cat 5 wires running across the floor with tape. It was a disaster.

I basically just fixed problems as they arose until we built our new office and had the building pre-wired with cat 5e, and every office and cubicle had 4 ethernet ports. We had a full server room built with enterprise-grade everything. Firewalls, antivirus servers, OS Patching, managed switches you name it. I even got a brand new fiber channel SAN and a HPC cluster. Trust me, I locked everything down too and tight but it was user friendly and embraced a lot of features. We had to change passwords every 90 days, had to meet a certain complexy requirements and everything else. When everyone came into work the monday we opened the new building everyone had a brand new leased PC with an enterpise OS image, a domain account, email, and even a personal file repository folder (I didn't believe in "shared drives", it was too archaic to me). We even had clearcase for all the code. It was great. PC's went back every 3 years and got replaced with new ones and got imaged and they all were patched, defragged and virus scanned on schedules all automatically. I even had AV on the network. I knew every PC on the network, where it was, what it had installed on it and could get reports of such with a few clicks of my mouse. I also blocked personal e-mail sites but I put a bunch of Mac PCs in the break room on a private network that went directly to the outside and had no acces to the corporate network where employees were allowed to check personal web-based email and surf the internet and the PC's had no disk drives or USB ports accessible. At midnight everynight all those break room PC's automatically had a clean OS imaged pushed to them so the users could do whatever to them and by the next morning they were running like brand new. For 5 years, we never had a virus, a peice of spyware or any intrusions whereas before I was finding our latest software on crack and warez sites and at least once a day a PC would go down because of some sort of virus or malware.

Then we get bought out buy a bigger software company. So I switched companys and here I am. I manage the informatics infrastructure for a department that uses a lot of robotics for drug discovery and that generates a ton of data. I'm also making double the money with better benefits and I do have 10x the yearly operating budget and its a 6 minute morning commute compared to the 1hr and 10 minutes I used to do. So its not all bad.

My only gripe is, where I had sensible security these guys take it too far. Like passwords have to be a mixture of 10 alphanumerics and chars with at least 2 capital letters, one number and one character and then change it every 30 days and I can't reuse any of my previous 15 passwords and it cant be a dictionary word. If you fat-finger the password three times, it locks you out of the account until you call up and have them unlock it. I had accounts lock out when you typed in the password wrong, but 5 times. No brute force password cracker will be successful within 5 tries with an 8char passwords that has 1 number. Or using SMS for patching where you are in the middle of doing something important and it shoves an update to the PC and you lose all your work. They block personal email, but don't even give us a way to check it from work and this is a company that was given awards in the past for allowing people to have lives while at work and being very lenient and sympathetic to the fact that people should be able to get in touch with family and friends during the day. So now people have non-work email sent to their work emails. That generates more spam, and more risk.

Anyway, this is getting way off topic. I got the BES Express server 4.1 last night. What I really want to know is if I can use that to push a blank IT policy to a blackberry to remove all the security so I can use it for other purposes than corporate email. That's all.

I never had blackberries at the other company. Nobody wanted them, they wall wanted to be free from work when they got home. Nowadays its different, with these crackberries and vpn and home offices we work 24/7 and not even know it. But I would prefer a little more functionality so I didn't have to carry two of everything.